Welchia Worm

The Welchia worm uses the MS DCOM vulnerability or a WebDAV vulnerability. After infecting a computer, it begins searching, in its class B network, other live computers, candidates to be infected. It does so by sending a specific ping packet, waiting for the reply that is signaling that the target is alive. The flood of pings may disrupt network connectivity.

Protection Overview

When this protection is enabled, IPS will identify and drop the Welchia worm specific ping packets.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update.For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

In the IPS tab, click Protections and find the Welchia Worm protection using the Search tool and Edit the protection's settings.